From owner-freebsd-questions Sun Oct 13 5:27:30 2002
Message-ID: <15785.26274.306030.914187@gargle.gargle.HOWL>
Date: Sun, 13 Oct 2002 08:27:14 -0400
From: Dan Pelleg
To: Neil Darlow
Cc: freebsd-questions@freebsd.org
Subject: RE: IPFW2 on 4.7-RELEASE

> Has anyone got IPFW2 working on 4.7-RELEASE? I've been using IPFW/natd
> successfully since 4.2 but my attempts to do the same with IPFW2 have failed.
>
> I added IPFW2=true to /etc/make.conf and "options IPFW2" to my kernel config
> then rebuilt libalias, ipfw and my kernel.
>
> At boot I get the message output that natd has started but the boot process
> then stops at the point where it previously output "Firewall Logging=YES" to
> the console.

IPFW2 definitely does work on 4.7. It also seems you built it correctly. My best guess is that your ruleset does not get parsed by IPFW2's parser.
There are a few minor changes between the parsers. For example, IPFW's would accept "icmptype" but IPFW2's insists on it being the correct "icmptypes". There are a few more like this (e.g., limit and keep-state are now enforced not to qualify the same rule).

So try booting that machine with no rules at all, or just enough of them to let you work on it, then try them out one by one and see where it stops.
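As an added example (not part of the original message), a small pre-check that scans a rules file for the two parser differences named above before the ruleset is loaded at boot. The function name `check_ipfw2_rules` and the sample rules are constructed for illustration, and the script covers only these two differences, not the others the message alludes to.

```shell
#!/bin/sh
# Added example: flag the two ipfw -> ipfw2 parser differences named in the
# message (singular "icmptype"; "limit" together with "keep-state").
# Assumption: the ruleset is a text file with one rule per line.

# check_ipfw2_rules FILE
# Prints "LINENO: reason: rule" for each suspect line.
# Returns 1 if any suspect line was found, 0 otherwise.
check_ipfw2_rules() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
    {
        has_icmptype = 0; has_limit = 0; has_keep = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "icmptype")   has_icmptype = 1
            if ($i == "limit")      has_limit = 1
            if ($i == "keep-state") has_keep = 1
        }
        if (has_icmptype) {
            printf "%d: use \"icmptypes\": %s\n", NR, $0
            bad = 1
        }
        if (has_limit && has_keep) {
            printf "%d: limit and keep-state on one rule: %s\n", NR, $0
            bad = 1
        }
    }
    END { exit bad ? 1 : 0 }
    ' "$1"
}

# Constructed sample ruleset, written to a temporary file for the demo run.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample rules
add 100 allow ip from any to any via lo0
add 200 allow icmp from any to any icmptype 0,3,8,11
add 300 allow tcp from any to me 22 setup limit src-addr 4 keep-state
add 400 allow icmp from any to any icmptypes 0,3,8,11
EOF
check_ipfw2_rules "$sample" || echo "fix the lines listed above before loading"
rm -f "$sample"
```

A clean result here does not replace the one-by-one load test described in the message; it only catches these two cases early.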